]> git.ipfire.org Git - thirdparty/iptables.git/commitdiff
projects / thirdparty / iptables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 176c92c)
nft: cache: Sort custom chains by name
authorPhil Sutter <phil@nwl.cc>
Thu, 30 Jul 2020 08:24:10 +0000 (10:24 +0200)
committerPhil Sutter <phil@nwl.cc>
Mon, 21 Dec 2020 17:33:21 +0000 (18:33 +0100)
With base chains no longer residing in the tables' chain lists, they can
easily be sorted upon insertion. This on one hand aligns custom chain
ordering with legacy iptables and on the other makes it predictable,
which is very helpful when manually comparing ruleset dumps for
instance.

Adjust the one ebtables-nft test case this change breaks (as wrong
ordering is expected in there). The manual output sorting done for tests
which apply to legacy as well as nft is removed in a separate patch.

Signed-off-by: Phil Sutter <phil@nwl.cc>
iptables/nft-cache.c patch | blob | blame | history
iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0 patch | blob | blame | history

diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c
index bd19b6dfc4d8a0072b929734709fa45cbf4fbaa0..6b6e6da40a82629845c4c41990f364c8e455d86a 100644 (file)
--- a/iptables/nft-cache.c
+++ b/iptables/nft-cache.c
@@ -223,8 +223,19 @@ int nft_cache_add_chain(struct nft_handle *h, const struct builtin_table *t,
 
                h->cache->table[t->type].base_chains[hooknum] = nc;
        } else {
-               list_add_tail(&nc->head,
-                             &h->cache->table[t->type].chains->list);
+               struct nft_chain_list *clist = h->cache->table[t->type].chains;
+               struct list_head *pos = &clist->list;
+               struct nft_chain *cur;
+               const char *n;
+
+               list_for_each_entry(cur, &clist->list, head) {
+                       n = nftnl_chain_get_str(cur->nftnl, NFTNL_CHAIN_NAME);
+                       if (strcmp(cname, n) <= 0) {
+                               pos = &cur->head;
+                               break;
+                       }
+               }
+               list_add_tail(&nc->head, pos);
        }
        hlist_add_head(&nc->hnode, chain_name_hlist(h, t, cname));
        return 0;
diff --git a/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0 b/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0
index b84f63a7c3672121ad1e54209546f4fb7c4f2b2f..ccdef19cfb21516a8366ff820cffcf1a0bf603c1 100755 (executable)
--- a/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0
+++ b/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0
@@ -70,8 +70,8 @@ DUMP='*filter
 :INPUT ACCEPT
 :FORWARD DROP
 :OUTPUT ACCEPT
-:foo ACCEPT
 :bar RETURN
+:foo ACCEPT
 -A INPUT -p IPv4 -i lo -j ACCEPT
 -A FORWARD -j foo
 -A OUTPUT -s Broadcast -j DROP
Mirror of git://git.netfilter.org/iptables